By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

including policies, standards, guidelines and procedures. These documents discuss both the big picture of security as well as the step-by-step installation details for the security of an environment. A set of documents with this much information about your organization should trigger a knee-jerk response -- it has got to be protected!

Your security policy is a roadmap for your organization on how to protect itself from intentional and accidental incidents. However, it is also a manual that instructs malicious entities exactly where your weaknesses are and what means of attack will be most effective. You must treat your security policy in the same vein as any other classified, proprietary or sensitive resource in your environment.

In addition to protecting your security policy from external entities, it is also a good idea to restrict access to internal personnel as well. Users, managers, administrators, etc. should have access only to the procedures and guidelines that apply specifically to their work tasks or systems. There is no need for anyone outside of the upper management and the infosec team to have access to the entire security policy.

As your environment changes and as you alter your system to protect against new threats or specific incidents, you need to update your security policy. As part of that effort, be sure that only the latest and most up-to-date version of the security policy documents remains in circulation. If everyone is not working from the same set of security instructions, then there is more potential for oversight or error resulting in additional security incidents.

About the author James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy